How To Build Azure Virtual Network (VNet) And Its Components

You might already be aware that Azure allow us to create VMs as Infrastructure as a Service services out of which VM is one of the components. Below are the articles that explain how to create Virtual Machines for Window 10 Server and Virtual machine with SQL Server.

The above articles explain the step by step process of creating VMs. In this article, we will understand the different components that are associated with the Virtual Machine.

Azure Management portal takes care about creating all the components (that we will be discussing in a moment) on behalf of us. If we are not aware of these components, it will not be easy to troubleshoot in case if there are any issues.

So, Let’s learn about the details of the different Azure Components / objects that are associated and are created by default when you create a Virtual Machine.

Below are the components that are required for a VM to be provisioned in the Azure Cloud.

Figure A – Virtual Network and Its Components

Below is a basic Physical Diagram of a Virtual Network that has all the above components. The rest of the article provides basic details of each of the individual components and how to create them using the Azure Management portal.


Figure B – Physical Diagram - Virtual Network and Its Components

What is an Azure VNet (Virtual Network)?

Like any other network, you can create a VNet with Azure. We can have our own isolated network within the Azure Cloud. Once you create your VNet, you can also segment the VNet into Subnets and attach IAAS or PAAS Virtual Machines.

In this article, we will just create a VNet. However, in your production scenarios, you might want to create separate VNet for each of your environments like Production, Staging, Development etc.

Please go through the following animated image to create a Virtual Network.



What is a Subnet?

Subnet is a segment within a given VNet. You can create any number of Subnets within a VNet. All the subnets must be fully contained in the virtual network address space and should not overlap with one another. As shown in the figure Figure B above, we named the subnet “web” where we will be creating and attaching a Virtual Machine that we will be using for creating a Web Server.

In production scenarios, you might be creating multiple subnets, one for all your Application / Web Servers and one for hosting all your Database Servers. For simplicity reasons, in this article, we will only work with creating a Web Server and attach the same to the Subnet named “web”.

By default, when you create a VNet, it’s also mandatory that you create a Subnet. You can also create multiple Subnets after you create a VNet.

The smallest subnet that Azure supports is a /29 and the largest is a /8 (using CIDR subnet definitions).

What is a Network Security Group?

Network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to your VM instances in a Virtual Network. NSGs can be associated with either subnets or individual VM instances within that subnet. When a NSG is associated with a subnet, the ACL rules apply to all the VM instances in that subnet. In addition, traffic to an individual VM can be restricted further by associating a NSG directly to that VM.

Network Security Group Definition Ref: https://azure.microsoft.com/en-in/documentation/articles/virtual-networks-nsg/

NSGs can have two type of rules

  • Inbound Rule
    You can control all the Ingress using these Inbound rules

  • Outbound Rule
    You can control all the Egress using these Outbound rules.

Default Rules within a NSG - By default, the following Rules are activated when you create a Network Security Group.



Please go through the following animated image for the step by step process of creating a Network Security Group.



How to enable Remote Desktop Protocol?

By default, all the traffic coming to the VM is blocked. You cannot even do a Remote Desktop to the VM that you attach to the Virtual Network (you will see how to do this in a moment).

In order to allow RDP access for a particular VM, you need to create an Inbound rule that just allows RDP protocol.

Please go through the following animated image to understand the steps to allow RDP protocol.



What is a Network Interface Card?

A Virtual Machine could only be associated with a Virtual Network with the help of a Network Interface Card (NIC). You can think of NIC as a connection between a VM and VNet.

A NIC can be associated with both Private IP Address as well as a Public IP Address.

You can also associate a NSG to a NIC to allow or deny the traffic from and to the Virtual Machine that you attach to the NIC. You will see how to attach a Virtual machine, NSG and an IP Address in the coming section of this article.

Please follow the below animated images to create a Network Interface Card.



What is IP Address?

Each device within a network could be addressed using an IP Address. IP addresses allow all the network resources to be reached via a Network Interface.

  • Private IP Address
    These type of addresses allows the resources to communicate between then within the Network.

  • Public IP Address
    These are used to communicate with the resources across the internet.

Please follow the below animated image to create an IP Address from the Azure Management Portal.



How to associate NIC with an IP Address?

Once you create both the NIC (Network Interface Card) and IP Address, you need to associate both of them. Please find the following animated image for the steps to associate a NIC to an IP Address.




Storage Account

You need to create and associate Storage Account to store all the Disks associated with the Virtual Machine. You can create a storage account using any one of the following ways.

Once you create the Virtual Network and all its related components that are required for associating a Virtual Machine, we can go ahead and create a required Virtual Machine. In this example, I have created a Windows Server 2012 VM. Please go through the below animated gif for the steps required for creating a VM and associating with all the components that we have discussed above.


Summary

We have learned how to create Azure VNet components individually and associated them to a Virtual Network.

Hope you enjoyed reading the article. Your feedback is much appreciated.